top of page
perceptive_background_267k.jpg

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Att…

Published:

15 January 2026 at 23:00:00

Alert date:

16 January 2026 at 01:13:28

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Supply Chain & Dependencies

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows attackers to modify the valet command with root privileges. The vulnerability enables users to edit the symlinked valet command to execute arbitrary code with root permissions without requiring additional authentication. This affects the Laravel development environment tool used on macOS systems. The vulnerability has been documented with exploit code available publicly.

Technical details

Mitigation steps:

Affected products:

Laravel Valet

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2021-47756
https://laravel.com/docs/8.x/valet
https://www.exploit-db.com/exploits/50591
https://www.vulncheck.com/advisories/laravel-valet-local-privilege-escalation-macos

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page